Skip to main content

How can we help you?

Search

Quiet Mode Default Severity for Alerts

Updated: Michael Garrett Edited:

Quiet Mode Default Severity for Alerts

 

Due to the growing size of the alerts library, over 280, SaaS Alerts has reviewed and determined a new schema for the default severity of these alerts. The new default, called Quiet Mode, takes into consideration the noise the system can generate and has reduced this. The intent being that Unify, Fortify and Respond can be leveraged to tighten controls and act upon possible threats. 

 

Below is an outline of the changes that will be applied once the Quiet default has been adopted by existing Partners. 

 

Upon review of the changes we encourage all Partners to adopt the Quiet default. This new default will not override any current customized alert severities. Navigate to Settings → Customize Alert Severity. At the top there is a toggle for Onboarding Mode and Quiet Mode.. 

 

Summary of Changes 

 

Current Default Severity Count Updated Default Severity Count
Low 174 Low 256
Medium 81 Medium 26
Critical 31 Critical 4

 

Details of Changes 

 

Alert Type Alert Description Current Default Severity Updated Default Severity
multiple.login.diff.ip IAM Event - Multiple Login Connections From Different IP Addresses Low Critical
technician.disable.mfa MSP Tools - IAM - MFA Method Disabled for Technician User Medium Critical
account.locks IAM Event - Account Locked Medium Low
add.mailbox.permission Add Mailbox Permission Medium Low
add.recipient.permission Add Recipient Permission Medium Low
api.quota.exceeded API limits have been reached. Processing will resume after product’s timeout has expired. Medium Low
application.event.saas.integration Application Event - SaaS Integration Critical Low
conditional.access.violation IAM Event - Conditional Access Violation Critical Low
email.external.file.share.risk Email File Share Event - External File Share Risk Medium Low
email.forwarding.rule.enabled Email Event - Email Rule Enabled Medium Low
enduser.create.user MSP Tools - IAM - End User Created Medium Low
enduser.mfa.failure MSP Tools - IAM - End User MFA Failure Medium Low
enduser.modify.phone MSP Tools - IAM - End User modified Phone Number Medium Low
enduser.modify.user MSP Tools - IAM - End User Account Modified Medium Low
external.file.share.risk File Share Event - External File Share Risk Medium Low
fortify.action.failed Fortify Action Failed to Enabled Medium Low
fortify.action.undone.failed Fortify Action undone failed Medium Low
fortify.app.connection.failed Failed SaaS Alerts Fortify API connection Critical Low
group.management.create Policy Event - Security Group Change (create) Medium Low
group.management.delete Policy Event - Security Group Change (delete) Medium Low
group.management.update Policy Event - Security Group Change (update) Medium Low
iam.user.account.created User Created Medium Low
iam.user.account.update User Updated Medium Low
manage.alert.suppressed Alert suppressed Medium Low
manage.api.key.created API Key Created Medium Low
manage.customer.deleted Organization Deleted Medium Low
manage.customer.file.trigger.updated Organization File Event Trigger Updated Medium Low
manage.customer.name.modified Organization Name Modified Medium Low
manage.customer.recipients.added Organization`s Additional Alert Email Recipient(s) Added Medium Low
manage.customer.recipients.disabled Organization`s Additional Alert Email Recipient(s) Disabled Medium Low
manage.customer.recipients.modified Organization`s Additional Alert Email Recipient(s) Modified Medium Low
manage.customer.whitelist.updated Organization Whitelist Rule Updated Medium Low
manage.msp.billing.information.changed MSP Billing Information Changed Medium Low
manage.msp.company.information.changed MSP Company Information Changed Medium Low
manage.partner.api.key.updated Partner API Key updated Medium Low
manage.psa.connection.paused Psa Connection Paused Medium Low
manage.user.file.trigger.updated User File Event Trigger Changed Medium Low
manage.user.locked SaaS Alerts User is Locked Medium Low
manage.user.whitelist.updated User Whitelist Rule Updated Medium Low
manage.webhook.url.added Webhook URL added Medium Low
manage.webhook.url.deleted Webhook URL deleted Medium Low
modify.global.security.settings MSP Tools - System - Global Security Settings Modified Medium Low
ms.audit.off Error - MS audit off Critical Low
msp.tools.monitoring.api.external.integration.create API/External Integration create Critical Low
msp.tools.monitoring.api.external.integration.update API/External Integration update Medium Low
msp.tools.monitoring.api.key API/External Integration (create) Critical Low
msp.tools.monitoring.api.key.upd.del API/External Integration (update/delete) Critical Low
msp.tools.monitoring.data.export.create Data export Medium Low
msp.tools.monitoring.domain.delete Asset Deleted - Domain Delete Medium Low
msp.tools.monitoring.logs.export.create Logs export Medium Low
msp.tools.monitoring.runbook.created Data Export Runbook Medium Low
msp.tools.monitoring.runbook.downloaded Data Export Downloaded Medium Low
msp.tools.monitoring.ssl.deleted Asset Deleted - SSL Delete Medium Low
multifactor.auth.enabled IAM Event - Multi-Factor Authentication Enabled Critical Low
new.device Device Event - New Device Medium Low
policy.deleted MSP Tools - Policy - Deleted Medium Low
policy.event.security.role.change.create Policy Event - Security Role Change (create) Medium Low
policy.event.security.role.change.delete Policy Event - Security Role Change (delete) Medium Low
policy.event.security.role.change.update Policy Event - Security Role Change (update) Medium Low
policy.modified MSP Tools - Policy - Modified Medium Low
remotetools.filesystem.file.downloaded MSP Tools - Remote Tools - File Downloaded Medium Low
remotetools.filesystem.file.uploaded MSP Tools - Remote Tools - File Uploaded Medium Low
report.created MSP Tools - Report - Created Medium Low
report.modified MSP Tools - Report - Modified Medium Low
reports.report.scheduled Report Scheduled Medium Low
respond.account.deleted Account Deleted Critical Low
respond.account.deleted.failed Account Deleted failed Medium Low
respond.account.signin.blocked Account Sign In Blocked Medium Low
respond.account.signin.blocked.failed Account Sign In Blocked failed Medium Low
respond.app.connection.failed Failed SaaS Alerts Respond API connection Critical Low
respond.broad.rule.created SaaS Alerts Respond - Broad Rule Created Medium Low
respond.remediation.failed.reminder SaaS Alerts Respond - Rule Remediation Failed Reminder Medium Low
respond.rule.created Rule Created Medium Low
respond.rule.updated Rule Updated Medium Low
respond.state.disabled SaaS Alerts Respond Disabled Critical Low
script.create MSP Tools - Script - Created Medium Low
script.modify MSP Tools - Script - Modified Medium Low
security.group.changes Policy Event - Security Group Change Medium Low
security.policy.changes Policy Event - Security Policy Change Critical Low
securityRole.modify.membership MSP Tools - IAM - Security Role Membership Modified Medium Low
sf.external.datasource.added External DataSource has been added/updated to the governed account Critical Low
sf.external.obh.add.updates External Objects has been added/updated to the governed account Critical Low
tech.modify.phone MSP Tools - IAM - Technician User modified Phone Number Medium Low
technician.create.user MSP Tools - IAM - Technician User Account Created Medium Low
technician.mfa.failure MSP Tools - IAM - Technician MFA Failure Medium Low
technician.modify.user MSP Tools - IAM - Technician User Account Modified Medium Low
risky.activity Risky Activity Low Medium
app.connection.failed An Application API connection has failed Critical Medium
multiple.password.reset IAM Event - Multiple Password Reset Critical Medium
outside.own.location IAM Event - User Location - Outside approved location Critical Medium
system.compliance.confirmed.phishing System Compliance Event - Confirmed Phishing Critical Medium
system.compliance.domain.email.restriction System Compliance Event - Domain Email Restriction Critical Medium
system.compliance.email.flow.delay System Compliance Event - Email Flow Delay Critical Medium
system.compliance.email.forwarding System Compliance Event - Email Forwarding Critical Medium
system.compliance.email.sending.restriction System Compliance Event - Email Sending Restriction Critical Medium
system.compliance.exchange.admin System Compliance Event - Exchange Admin Critical Medium
system.compliance.exchange.forwarding System Compliance Event - Exchange Forwarding Critical Medium
system.compliance.forms.phishing.risk System Compliance Event - Forms Phishing Risk Critical Medium
system.compliance.restriction.email System Compliance Event - User Restriction Email Critical Medium
system.compliance.sensitive.data.failure System Compliance Event - Sensitive Data Failure Critical Medium
system.compliance.user.restriction System Compliance Event - User Restriction Critical Medium
user.promoted.to.admin Policy Event - Admin Access Granted Critical Medium

 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.